Skip to content. | Skip to navigation

Advanced Search…
Personal tools
You are here: Home Audit Services Audit Process Audit Report

Audit Report

by Scott,Barry Vance last modified Jun 18, 2009 03:09 PM

The audit report is the culmination of the audit process.  It communicates the conditions found during the  audit, assures you of the validity of the audit issues and provides a mechanism in table format to be used  to follow-up on action plans.  A quality audit report highlights your concerns; immaterial items will be omitted.  The audit reports at the University of Louisville consist of an Executive Summary and a Detailed Audit Report.

Executive Summary

The Executive Summary provides you with an overview of the audit results.  The executive summary includes:

  • A brief description of what was audited, objectives, scope, time periods;
  • Capsule statements of significant action plans;
  • Overall statement that gives the proper perspective of the concerns and conclusions; and,
  • Overall audit report rating.

Audit Report Rating

The rating categories are Good, Opportunities for Improvement Exist and Inadequate.  The rating for each audit will be determined by Audit Services and will be included in the Executive Summary of the audit report.  The rating will be based on Audit Service's overall assessment of the significance of issues identified during the audit process.  In determining the applicable rating, the areas that Audit Services will consider include but are not limited to, the following:

  •  Adequacy and documentation of internal controls, policies, procedures, systems and safety requirements;
  • Compliance with policy, procedural, legal, regulatory, safety, accounting, financial, contractual and security requirements;
  • Accuracy of data and information utilized and disseminated;
  • Efficiency of systems and resource utilization

General Guidelines

Audit ratings are based on the condition of the audit issues at the time of the audit, not at the time of the report.  You cannot affect the rating by addressing the issues before audit report issuance.  Management's willful disregard for known control deficiencies or known violations of regulation, policy, etc. can be a factor in considering the  appropriate rating.  If there appears to be an intentional disregard of significant controls by management, the rating could be down graded.  Management has a responsibility to be continuously aware of the status of controls in its area.  Accordingly, lack of knowledge of control violations ordinarily would not preclude a Needs Improvement or Inadequate rating.

Specific Rating Guidelines

These definitions are only a guide and are not meant to be all-inclusive.  The auditor's professional judgment will be the ultimate basis for the report rating.

  • GOOD - Virtually all desired operational, financial, and compliance controls necessary to ensure that risk of material loss is minimized and functional objectives are met, are in place, documented, and performing as designed.  Only minor control exceptions were noted, which either have mitigating back-up controls or the risk of loss associated  with the inadequate or missing control is immaterial.

  • OPPORTUNITIES FOR IMPROVEMENT EXIST - Many of the desired operational, financial, and compliance controls necessary to ensure that risk of material loss is minimized and functional objectives are met, are in place, documented, and performing as designed.  However, control exceptions, either in design or function, were noted for which sufficient mitigating back-up controls could not be identified.  Further deterioration in these controls and/or changes in the operating environment (i.e., increase in volume of transactions, level of operations, etc.) could, but might not, result in failure to adequately prevent material loss or to ensure functional objectives are met.  Early management attention is necessary to address these issues.
  • INADEQUATE - Controls necessary to ensure that risk of material loss is minimized and functional objectives are met, are not in place, documented, or performing as designed.  Control exceptions, either in design or function were noted for which sufficient mitigating back-up controls could not be identified.  Significant risks exist that material losses could occur or functional objectives could fail to be met that would not be prevented or detected timely by the control structure.  Immediate management attention is necessary to address these issues.

Detailed Audit Report

This section of the audit report provides management with brief overview of the areas audited and description of the audit tests performed and the results of these procedures.  The audit report includes Audit Services issues or recommendations to management, developed because of the audit, as well as corrective action plans with a targeted implementation date for each recommendation.

Document Actions
Campus Locations

Budget & Financial Planning
Grawemeyer Hall
Room 20
Louisville, Ky.  40292

Phone: 502-852-6166

 

Bursar's Office
Houchens Building
Room 101
Louisville, Ky. 40292

Phone: 502-852-6503

 

Controller's Office
Service Complex
2nd Floor
Louisville, Ky.  40292

Phone: 502-852-7072

 

Audit Services
1900 Arthur Street
Suite 300
Louisville, Kentucky 40208-2769
Phone: (502) 852-8305

 

Vice President for Finance
Grawemeyer Hall
Room 20
Louisville, Ky.  40292

Phone: 502-852-6166